We have few legacy internal applications listening on a various TCP ports. Now we have a requirement to connect to these applications from a cloud vendor externally. There is no option to setup a site-to-site IPSec VPN tunnel to the cloud so we need to expose this server to internet securly. Can Palo alto act as a proxy for inbound traffic hosting the CA cerificate for the internal applications, decrypt and and send the decrypted packet to the internal server? Any documentation with configuration steps?
This does not sound like a job for paloalto. The better choice would be a reverse proxy like a Citrix Netscaler. Of course also an Apache or nginx webserver can be configured to do this job. Or a Kemp Loadmaster which (depending ond the bandwith you need) is also available for free: https://freeloadbalancer.com
Not sure if the SSL Decryption Broker feature coming in PanOS 8.1 will allow this.
I'm intrigued to find out myself, especially if there is a simple load balancer feature in it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!